summaryrefslogtreecommitdiffstats
path: root/ChangeLog.txt
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r--ChangeLog.txt45
1 files changed, 45 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 72c9a9e86..ebb036f75 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,48 @@
+Mon Dec 20 19:41:32 UTC 2021
+a/pkgtools-15.0-noarch-42.txz: Rebuilt.
+ setup.services: list rc.nfsd. Suggested by alienBOB.
+l/expat-2.4.2-x86_64-1.txz: Upgraded.
+l/gegl-0.4.34-x86_64-1.txz: Upgraded.
+n/httpd-2.4.52-x86_64-1.txz: Upgraded.
+ SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
+ multipart content in mod_lua of Apache HTTP Server 2.4.51 and
+ earlier (cve.mitre.org)
+ A carefully crafted request body can cause a buffer overflow in
+ the mod_lua multipart parser (r:parsebody() called from Lua
+ scripts).
+ The Apache httpd team is not aware of an exploit for the
+ vulnerabilty though it might be possible to craft one.
+ This issue affects Apache HTTP Server 2.4.51 and earlier.
+ Credits: Chamal
+ SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
+ forward proxy configurations in Apache HTTP Server 2.4.51 and
+ earlier (cve.mitre.org)
+ A crafted URI sent to httpd configured as a forward proxy
+ (ProxyRequests on) can cause a crash (NULL pointer dereference)
+ or, for configurations mixing forward and reverse proxy
+ declarations, can allow for requests to be directed to a
+ declared Unix Domain Socket endpoint (Server Side Request
+ Forgery).
+ This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
+ (included).
+ Credits: ae 1/4*a-o(R)e 1/4
+ TengMA(@Te3t123)
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224
+ (* Security fix *)
+xap/gimp-2.10.30-x86_64-1.txz: Upgraded.
+xap/mozilla-thunderbird-91.4.1-x86_64-1.txz: Upgraded.
+ This release contains security fixes and improvements.
+ For more information, see:
+ https://www.mozilla.org/en-US/thunderbird/91.4.1/releasenotes/
+ https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538
+ (* Security fix *)
+xap/xlockmore-5.68-x86_64-1.txz: Upgraded.
+xap/xsnow-3.4.2-x86_64-1.txz: Upgraded.
++--------------------------+
Sun Dec 19 18:57:11 UTC 2021
kde/kid3-3.9.0-x86_64-1.txz: Upgraded.
kde/latte-dock-0.10.6-x86_64-1.txz: Upgraded.
generated by cgit v1.2.3-65-gdbad (git 2.45.1) at 2024-05-30 04:11:14 +0000